package com.example.siyun.config;
import com.example.siyun.handle.CodeFilter;
import com.example.siyun.service.impl.loginserviceimpl.CustomUserDetailsService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

/**
 * @Auther: 全
 * @Date: 2022/10/2 19:54
 * @Description: spring security安全框架的配置类
 */
@EnableWebSecurity //是Spring Security用于启用Web安全的注解
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private CustomUserDetailsService userDatailService;
    @Autowired
    private SmsSecurityConfigurerAdapter smsSecurityConfigurerAdapter;

    /**
     * 指定加密方式
     */
    @Bean
    public PasswordEncoder passwordEncoder(){
        // 使用BCrypt加密密码
        return new MyPasswordEncoder();
    }
    /**
     * spring security的一些配置
     * @param http HTTP安全
     */
    @Override
        protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable();
        http.authorizeRequests()
                .antMatchers( "/sms/login","/sms/send/code","/tologin","/login.html","/login","/hello","/getPhoneKaptcha","/kaptcha","/users/phoneLogin").permitAll()//设置匹配的资源放行
                .antMatchers("/**").hasAnyRole("aa","admin").anyRequest().authenticated()
    //剩余任何资源必须认证
            .and().formLogin().loginPage("/hello")
                .loginProcessingUrl("/goLogin")//这个路径和登录表单上的要一样.
                .usernameParameter("username")
                .passwordParameter("password")
                .defaultSuccessUrl("/tologin").permitAll()
                .failureUrl("/hello?error=true").permitAll()
                .and()
                .addFilterBefore(new CodeFilter(), UsernamePasswordAuthenticationFilter.class)
                .headers()
                .frameOptions()
                .disable();
        http.apply(smsSecurityConfigurerAdapter);


    }
    /**
     * 进行省份管理的校验
     * @param auth 身份验证管理器生成器
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth
                // 从数据库读取的用户进行身份认证
                .userDetailsService(userDatailService)
                .passwordEncoder(passwordEncoder());
    }

    @Override
    public void configure(WebSecurity webSecurity) {
        // 不拦截静态资源,所有用户均可访问的资源
        webSecurity.ignoring().antMatchers("/css/**","/layui/**","/imagesss/**","/js/**","/**/*.html");
    }
}
